
Best way to allow multiple VMs to share one incoming IP ?

Elixer

Lifer
By that, I mean, say you got 5-6 VMs, and each of them will have access to the 1 shared external IP for incoming connections.

Would it be best to set 1 VM as the root host, then let it route the appropriate traffic to each VM, or, is there a better way to handle this ?

For example, an incoming connection to plan1.blah.org should route all traffic to/from VM1, and plan2.blah.org would route to VM2 and so on.

I don't think this could be done purely with IPTABLES, so, would need to use a reverse proxy (nginx) to handle this, or is there another alternative ?

Each VM should be able to talk to each other VM, along with the external connections.
Root server is debian + KVM.

Anyone see any flaws, or things to look out for in this method ?
(and no, I am not a network pro, just helping out a project).
 
I'm guessing all these VMs belong to the same domain and one of the VMs is a Domain Controller?

If so, we used to have the same environment in class and would set up either an RRAS server with an 'internal' network adapter pointed towards the domain, and an 'external' pointed towards the classroom server. Or would have a similar server as the RRAS running TMG and set up rules to allow traffic to/from the network. In either case, the classroom server was the same IP, and was able to be communicated to with any machine within the domain.

Keep in mind I am fresh out of school, so felt the VMWare environment I've been learning in for the past two years seemed applicable to your scenario. My apologies if it doesn't make sense, or doesn't apply.

Good luck though!
 
Your scenario isn't much different than placing PCs behind a consumer router. They all share the same external IP (via NAT) and you can have firewall rules route the traffic to the proper internal host. So in your scenario, you'll just need some sort of routing mechanism in front of them -- hardware or software (RRAS would work as the previous poster suggested; another good alternative is the free Sophos UTM, which is what I run at home as the internal firewall in my DMZ).
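
As an added example (not from any poster in this thread), here is one way the hostname-based routing asked about in the opening post could look with nginx on the Debian/KVM host acting as the front-end. The hostnames come from the question; the 192.168.122.x VM addresses and the file location are assumptions.

```nginx
# Added example, not a poster's configuration.
# Goes inside the http {} context, e.g. a file under /etc/nginx/conf.d/.
# Assumption: the VMs sit on a private bridge at the addresses below.

# Map the requested hostname to the VM that should serve it.
map $host $vm_backend {
    plan1.blah.org  192.168.122.11;   # VM1 (assumed address)
    plan2.blah.org  192.168.122.12;   # VM2 (assumed address)
    default         "";               # anything else is not routed
}

server {
    listen 80 default_server;
    server_name _;

    # Unknown or missing Host header: close the connection instead of
    # letting the request fall through to an arbitrary VM.
    if ($vm_backend = "") {
        return 444;
    }

    location / {
        proxy_pass http://$vm_backend:80;

        # Pass the original hostname so the VM's own vhosts still match.
        proxy_set_header Host $host;

        # This proxy is the edge, so overwrite any client-supplied
        # X-Forwarded-For rather than appending to it.
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```

This only covers HTTP, where the hostname travels inside the request. Protocols that carry no hostname can only be told apart by port, so those need a per-port forwarding rule on the host instead.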
 